adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5cccb246-0da0-4c93-a463-61fe0a016219.json

525 lines
No EOL
16 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "0",
"date": "2019-05-03",
"extends_uuid": "",
"info": "ESET Turla LightNeuron Research",
"publish_timestamp": "1557477502",
"published": true,
"threat_level_id": "4",
"timestamp": "1607525139",
"uuid": "5cccb246-0da0-4c93-a463-61fe0a016219",
"Orgc": {
"name": "ESET",
"uuid": "55f6ea5e-51ac-4344-bc8c-4170950d210f"
},
"Tag": [
{
"colour": "#12e200",
"local": false,
"name": "misp-galaxy:threat-actor=\"Turla Group\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"PowerShell - T1086\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Valid Accounts - T1078\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Collection - T1119\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Configuration Discovery - T1016\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Exfiltration - T1020\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Encrypted - T1022\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Local System - T1005\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Email Collection - T1114\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Obfuscation - T1001\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scheduled Transfer - T1029\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Cryptographic Protocol - T1032\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919229",
"to_ids": false,
"type": "md5",
"uuid": "6f5800ff-87e0-46fc-adac-807018e9d07f",
"value": "9ed3438587e25073c17e82958010a3aa"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919226",
"to_ids": false,
"type": "sha1",
"uuid": "64d9f4ac-632e-458b-af36-a2e6e1d2bd57",
"value": "3c851e239fbf67a03e0dae8f63eee702b330db6c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919223",
"to_ids": false,
"type": "sha256",
"uuid": "90bcabcb-b2fb-4e73-a1a1-88f8a9e186df",
"value": "fec68a0fea0019c878c8a348976c0ec0b8ecf6e7c63fe99afabfff2b7e6d4b11"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919213",
"to_ids": false,
"type": "md5",
"uuid": "4f4bdd4d-f0c4-4761-bed8-711f1b3b7744",
"value": "2b14f9f3c758a2cf842a61aca6a3455d"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919202",
"to_ids": false,
"type": "sha1",
"uuid": "25408199-95da-448d-a95f-a222dc7ba162",
"value": "f9d52bb5a30b42fc2d1763be586cee8a57424732"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919196",
"to_ids": false,
"type": "sha256",
"uuid": "66fa127c-7625-441a-b0ab-bc0b72403ca8",
"value": "25facbc4265ca90f0508e77e97e1e6fcc7e46f6cca316b251b06d41232f6360c"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556918970",
"to_ids": false,
"type": "text",
"uuid": "5df144ba-2702-4d5b-9070-a089c28fe905",
"value": "MSIL/Turla.A"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919193",
"to_ids": false,
"type": "md5",
"uuid": "4440b265-2377-474c-83f1-8c8f24348f57",
"value": "5924eac8af1f3e3f1f825998bc59c062"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919189",
"to_ids": false,
"type": "sha1",
"uuid": "17417300-6cef-4720-8772-b90887ce8cb9",
"value": "0a9f10925af42df94925d07112f303d57392c908"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919187",
"to_ids": false,
"type": "sha256",
"uuid": "24645bfe-0e15-4c57-806e-27b6dacb18e8",
"value": "88c90c2b123a357423ab3241624cba49d57122ee3b8ff4130504090c174bb09d"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556918976",
"to_ids": false,
"type": "text",
"uuid": "22e9a8ca-f758-440b-befe-f5cec1d249d0",
"value": "Win64/Turla.CC"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919181",
"to_ids": false,
"type": "md5",
"uuid": "eea9d060-4ae7-41f8-ac22-a4a0c15a31b5",
"value": "c86e40e1fd2bd477a7f0cfed63fbca4a"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919184",
"to_ids": false,
"type": "sha1",
"uuid": "09c6ef7c-ff1a-4b86-9d87-74b859bfbfae",
"value": "76ee1802a6c920cbeb3a1053a4ec03c71b7e46f8"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919160",
"to_ids": false,
"type": "sha256",
"uuid": "6af7a8c3-f17d-43fb-8c10-1602910bc038",
"value": "92af9451d6809e035246869e53a56e1717224b28e8e96af4d80573264435d524"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919123",
"to_ids": false,
"type": "md5",
"uuid": "edfdb3f9-c762-46d9-8597-29cc5f1fa50e",
"value": "7519b8c8ed36ec0840112bf9581717a3"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919120",
"to_ids": false,
"type": "sha1",
"uuid": "7111a10b-7725-4579-96b6-cf01f779b816",
"value": "c1ff6804fdb8656ab08928d187837d28060a552f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919117",
"to_ids": false,
"type": "sha256",
"uuid": "0b557f56-389f-4c44-abf0-1d464922eb01",
"value": "c730d1af146bc420a1dfbbc647e53133a95cc87e9e519f37a01a413410e16498"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919113",
"to_ids": false,
"type": "md5",
"uuid": "606aa8cc-8fe7-4a35-8755-7804c04a19d3",
"value": "32d92f9c125816c5ffd407577ad3ccc2"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919110",
"to_ids": false,
"type": "sha1",
"uuid": "d8cc496a-4c78-4d26-8ded-e605b7f65179",
"value": "ff28b53b55bc77a5b4626f9db856e67ac598c787"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919107",
"to_ids": false,
"type": "sha256",
"uuid": "60abe762-ba0e-46a0-86a9-d9de3a6ef85e",
"value": "d01745a8f454fbf173c8b410f279a84fd3b2dace379c1d67ba9b40c9813b200d"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919102",
"to_ids": false,
"type": "md5",
"uuid": "21bf9cf9-356b-44cd-9b40-534f3d26ace6",
"value": "e1fdde61d9db9d6875994e4a412987f7"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919097",
"to_ids": false,
"type": "sha1",
"uuid": "1ce77aca-09f7-4e3b-b249-444b349dd34c",
"value": "556674f08ecca84d19a8a756e3457dbf6aff4a1c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919094",
"to_ids": false,
"type": "sha256",
"uuid": "efc3fcdc-9987-43a4-82b3-c6b51f28e9f4",
"value": "ce01c8087368b7938175b217e9d4e2b50bbd3007d6f9b786d9b86a38a1acbc85"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919042",
"to_ids": false,
"type": "sha1",
"uuid": "5cccb302-f18c-4e72-9744-65540a016219",
"value": "a4d1a34fe5effd90ccb6897679586ddc07fbc5cd"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919055",
"to_ids": false,
"type": "md5",
"uuid": "5cccb30f-1b18-476d-9558-5d380a016219",
"value": "55319464e46e2c31d22b39b46d5477fb"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919083",
"to_ids": false,
"type": "sha256",
"uuid": "5cccb32b-8110-48f1-a6a8-65560a016219",
"value": "14f530e16e8c6dbac02f1bde53594f01b7edab9c45c4c371a3093120276ffaf1"
},
{
"category": "Artifacts dropped",
"comment": "config file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919373",
"to_ids": false,
"type": "filename",
"uuid": "5cccb441-3720-468d-88a1-5d3a0a016219",
"value": "%tmp%\\winmail.dat"
},
{
"category": "Artifacts dropped",
"comment": "log file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919361",
"to_ids": false,
"type": "filename",
"uuid": "5cccb441-1e60-443e-919e-5d3a0a016219",
"value": "%WINDIR%\\ServiceProfiles\\NetworkService\\appdata\\Local\\Temp\\msmocf.xml"
},
{
"category": "Artifacts dropped",
"comment": "log file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919361",
"to_ids": false,
"type": "filename",
"uuid": "5cccb441-f920-4f2e-95bf-5d3a0a016219",
"value": "%WINDIR%\\ServiceProfiles\\NetworkService\\appdata\\Local\\Temp\\msmodl.dat"
},
{
"category": "Artifacts dropped",
"comment": "log file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919361",
"to_ids": false,
"type": "filename",
"uuid": "5cccb441-cff8-4af7-b7ad-5d3a0a016219",
"value": "Windows\\814ad43-58ab-2cd3-3e68-b82a8f402fd0"
},
{
"category": "Artifacts dropped",
"comment": "log file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919361",
"to_ids": false,
"type": "filename",
"uuid": "5cccb441-9730-46ba-ac64-5d3a0a016219",
"value": "Windows\\42cf8a1-6e20-8c24-d35f-82c46d8b70ba"
},
{
"category": "Artifacts dropped",
"comment": "log file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919361",
"to_ids": false,
"type": "filename",
"uuid": "5cccb441-5ae4-450a-9e04-5d3a0a016219",
"value": "%WINDIR%\\serviceprofiles\\networkservice\\appdata\\Roaming\\Microsoft\\"
},
{
"category": "Artifacts dropped",
"comment": "log file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919361",
"to_ids": false,
"type": "filename",
"uuid": "5cccb441-253c-4882-85f1-5d3a0a016219",
"value": "Windows\\36b1f4a-82b9-eb06-7c1e-90b4b2d5c27d"
},
{
"category": "Artifacts dropped",
"comment": "log file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919361",
"to_ids": false,
"type": "filename",
"uuid": "5cccb441-f7c8-4e1c-bfc9-5d3a0a016219",
"value": "%WINDIR%\\ServiceProfiles\\NetworkService\\AppData\\Roaming\\Microsoft\\thumbcache_idx.db"
},
{
"category": "Artifacts dropped",
"comment": "log file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556919361",
"to_ids": false,
"type": "filename",
"uuid": "5cccb441-b8c0-4633-904e-5d3a0a016219",
"value": "%WINDIR%\\ServiceProfiles\\NetworkService\\AppData\\Roaming\\Microsoft\\Windows\\thumbcache_32.db"
},
{
"category": "External analysis",
"comment": "White Paper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556920513",
"to_ids": false,
"type": "url",
"uuid": "5cccb8c1-67d4-43c3-b904-65540a016219",
"value": "https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf"
}
]
}
}
Reference in a new issue View git blame Copy permalink